Lucene search

MitreCVE-2008-2123

HistoryMay 09, 2008 - 6:20 p.m.

CVE-2008-2123

2008-05-0918:20:00

CWE-79

mitre

web.nvd.nist.gov

sap

its 6.20

xss vulnerability

remote attack

web script injection

html injection

wgate

cve-2008-2123

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.946

Percentile

99.3%

JSON

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a “<>” sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.

Affected configurations

Nvd

Node

sapinternet_transaction_serverMatch6200.1017.50954.0_build_730827

VendorProductVersionCPE
sapinternet_transaction_server6200.1017.50954.0_build_730827cpe:2.3:a:sap:internet_transaction_server:6200.1017.50954.0_build_730827:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	internet_transaction_server	6200.1017.50954.0_build_730827	cpe:2.3:a:sap:internet_transaction_server:6200.1017.50954.0_build_730827:::::::*

References

secunia.com/advisories/30128

www.portcullis-security.com/275.php

www.securityfocus.com/bid/29103

www.securitytracker.com/id?1019998

www.vupen.com/english/advisories/2008/1466/references

exchange.xforce.ibmcloud.com/vulnerabilities/42281

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.946

Percentile

99.3%

JSON

Related for CVE-2008-2123